There should be a setting for clearing the cache files when the app is closed, i.e. an implicit purge of files on close and not just an explicit one from the preference dialogue.
Cache files can be used for fingerprinting the user. The attack assumes either WMF does it, some man in the middle, or some third party service. If cache attacks are a problem, but a full purge seems like too heavy, then a purge of cache files on random is enough to disrupt the fingerprinting and create deniability.
Note that files delivered as packages for a single page doesn't leak too much info, but still several such packages can be used for fingerprinting. The worse items on the page are the thumbnail views, due to the number of requests.
To avoid fingerprinting through the thumbnail views, all possible thumbnails can be requested as a single batch before showing any of them, or all cached thumbnails can be purged on leaving the page.
I should probably add that use of the app together with an IP-address leaks more than enough to fingerprint the local user. That is the number of users are rather few, and it is unlikely there are several users of the app behind a single IP-address. Masquerading as a more common browser might limit the problem.
There should be a setting for clearing the cache files when the app is closed, i.e. an implicit purge of files on close and not just an explicit one from the preference dialogue.
Cache files can be used for fingerprinting the user. The attack assumes either WMF does it, some man in the middle, or some third party service. If cache attacks are a problem, but a full purge seems like too heavy, then a purge of cache files on random is enough to disrupt the fingerprinting and create deniability.
Note that files delivered as packages for a single page doesn't leak too much info, but still several such packages can be used for fingerprinting. The worse items on the page are the thumbnail views, due to the number of requests.
To avoid fingerprinting through the thumbnail views, all possible thumbnails can be requested as a single batch before showing any of them, or all cached thumbnails can be purged on leaving the page.
I should probably add that use of the app together with an IP-address leaks more than enough to fingerprint the local user. That is the number of users are rather few, and it is unlikely there are several users of the app behind a single IP-address. Masquerading as a more common browser might limit the problem.
This is related to #114